nerdexam
EC-Council

312-50V13 · Question #454

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether

The correct answer is A. Side-channel attack. The attacker employed a side-channel attack by exploiting timing differences in the authentication process to deduce password characters one by one.

Submitted by viktor_hu· Mar 6, 2026System Hacking

Question

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct. What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Options

  • ASide-channel attack
  • BDenial-of-service attack
  • CHMI-based attack
  • DBuffer overflow attack

How the community answered

(40 responses)
  • A
    90% (36)
  • B
    3% (1)
  • C
    3% (1)
  • D
    5% (2)

Why each option

The attacker employed a side-channel attack by exploiting timing differences in the authentication process to deduce password characters one by one.

ASide-channel attackCorrect

A side-channel attack exploits information gained from the physical implementation of a system, such as timing differences in execution, to infer sensitive data. In this scenario, the attacker uses the time taken for authentication to deduce the correctness of individual password characters.

BDenial-of-service attack

A denial-of-service attack aims to make a service unavailable, not to deduce passwords by observing system behavior.

CHMI-based attack

An HMI-based attack targets the Human-Machine Interface for unauthorized control, not for password cracking via timing analysis.

DBuffer overflow attack

A buffer overflow attack involves overwriting memory beyond allocated buffer space, which is unrelated to the described timing-based password cracking method.

Concept tested: Timing-based side-channel attacks

Source: https://www.microsoft.com/security/blog/2019/07/22/a-look-at-side-channel-attacks-and-their-mitigation/

Topics

#side-channel attack#password cracking#ICS security#timing attack

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice